3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/security.h>
17 #include <linux/seq_file.h>
18 #include <linux/err.h>
19 #include <keys/keyring-type.h>
20 #include <linux/uaccess.h>
23 #define rcu_dereference_locked_keyring(keyring) \
24 (rcu_dereference_protected( \
25 (keyring)->payload.subscriptions, \
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
28 #define KEY_LINK_FIXQUOTA 1UL
31 * When plumbing the depths of the key tree, this sets a hard limit
32 * set on how deep we're willing to go.
34 #define KEYRING_SEARCH_MAX_DEPTH 6
37 * We keep all named keyrings in a hash to speed looking them up.
39 #define KEYRING_NAME_HASH_SIZE (1 << 5)
41 static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
42 static DEFINE_RWLOCK(keyring_name_lock);
44 static inline unsigned keyring_hash(const char *desc)
49 bucket += (unsigned char)*desc;
51 return bucket & (KEYRING_NAME_HASH_SIZE - 1);
55 * The keyring key type definition. Keyrings are simply keys of this type and
56 * can be treated as ordinary keys in addition to having their own special
59 static int keyring_instantiate(struct key *keyring,
60 const void *data, size_t datalen);
61 static int keyring_match(const struct key *keyring, const void *criterion);
62 static void keyring_revoke(struct key *keyring);
63 static void keyring_destroy(struct key *keyring);
64 static void keyring_describe(const struct key *keyring, struct seq_file *m);
65 static long keyring_read(const struct key *keyring,
66 char __user *buffer, size_t buflen);
68 struct key_type key_type_keyring = {
70 .def_datalen = sizeof(struct keyring_list),
71 .instantiate = keyring_instantiate,
72 .match = keyring_match,
73 .revoke = keyring_revoke,
74 .destroy = keyring_destroy,
75 .describe = keyring_describe,
78 EXPORT_SYMBOL(key_type_keyring);
81 * Semaphore to serialise link/link calls to prevent two link calls in parallel
82 * introducing a cycle.
84 static DECLARE_RWSEM(keyring_serialise_link_sem);
87 * Publish the name of a keyring so that it can be found by name (if it has
90 static void keyring_publish_name(struct key *keyring)
94 if (keyring->description) {
95 bucket = keyring_hash(keyring->description);
97 write_lock(&keyring_name_lock);
99 if (!keyring_name_hash[bucket].next)
100 INIT_LIST_HEAD(&keyring_name_hash[bucket]);
102 list_add_tail(&keyring->type_data.link,
103 &keyring_name_hash[bucket]);
105 write_unlock(&keyring_name_lock);
110 * Initialise a keyring.
112 * Returns 0 on success, -EINVAL if given any data.
114 static int keyring_instantiate(struct key *keyring,
115 const void *data, size_t datalen)
121 /* make the keyring available by name if it has one */
122 keyring_publish_name(keyring);
130 * Match keyrings on their name
132 static int keyring_match(const struct key *keyring, const void *description)
134 return keyring->description &&
135 strcmp(keyring->description, description) == 0;
139 * Clean up a keyring when it is destroyed. Unpublish its name if it had one
140 * and dispose of its data.
142 static void keyring_destroy(struct key *keyring)
144 struct keyring_list *klist;
147 if (keyring->description) {
148 write_lock(&keyring_name_lock);
150 if (keyring->type_data.link.next != NULL &&
151 !list_empty(&keyring->type_data.link))
152 list_del(&keyring->type_data.link);
154 write_unlock(&keyring_name_lock);
157 klist = rcu_dereference_check(keyring->payload.subscriptions,
158 rcu_read_lock_held() ||
159 atomic_read(&keyring->usage) == 0);
161 for (loop = klist->nkeys - 1; loop >= 0; loop--)
162 key_put(klist->keys[loop]);
168 * Describe a keyring for /proc.
170 static void keyring_describe(const struct key *keyring, struct seq_file *m)
172 struct keyring_list *klist;
174 if (keyring->description)
175 seq_puts(m, keyring->description);
177 seq_puts(m, "[anon]");
179 if (key_is_instantiated(keyring)) {
181 klist = rcu_dereference(keyring->payload.subscriptions);
183 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
185 seq_puts(m, ": empty");
191 * Read a list of key IDs from the keyring's contents in binary form
193 * The keyring's semaphore is read-locked by the caller.
195 static long keyring_read(const struct key *keyring,
196 char __user *buffer, size_t buflen)
198 struct keyring_list *klist;
204 klist = rcu_dereference_locked_keyring(keyring);
206 /* calculate how much data we could return */
207 qty = klist->nkeys * sizeof(key_serial_t);
209 if (buffer && buflen > 0) {
213 /* copy the IDs of the subscribed keys into the
217 for (loop = 0; loop < klist->nkeys; loop++) {
218 key = klist->keys[loop];
220 tmp = sizeof(key_serial_t);
224 if (copy_to_user(buffer,
244 * Allocate a keyring and link into the destination keyring.
246 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
247 const struct cred *cred, unsigned long flags,
253 keyring = key_alloc(&key_type_keyring, description,
255 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
258 if (!IS_ERR(keyring)) {
259 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
262 keyring = ERR_PTR(ret);
270 * keyring_search_aux - Search a keyring tree for a key matching some criteria
271 * @keyring_ref: A pointer to the keyring with possession indicator.
272 * @cred: The credentials to use for permissions checks.
273 * @type: The type of key to search for.
274 * @description: Parameter for @match.
275 * @match: Function to rule on whether or not a key is the one required.
276 * @no_state_check: Don't check if a matching key is bad
278 * Search the supplied keyring tree for a key that matches the criteria given.
279 * The root keyring and any linked keyrings must grant Search permission to the
280 * caller to be searchable and keys can only be found if they too grant Search
281 * to the caller. The possession flag on the root keyring pointer controls use
282 * of the possessor bits in permissions checking of the entire tree. In
283 * addition, the LSM gets to forbid keyring searches and key matches.
285 * The search is performed as a breadth-then-depth search up to the prescribed
286 * limit (KEYRING_SEARCH_MAX_DEPTH).
288 * Keys are matched to the type provided and are then filtered by the match
289 * function, which is given the description to use in any way it sees fit. The
290 * match function may use any attributes of a key that it wishes to to
291 * determine the match. Normally the match function from the key type would be
294 * RCU is used to prevent the keyring key lists from disappearing without the
295 * need to take lots of locks.
297 * Returns a pointer to the found key and increments the key usage count if
298 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
299 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
300 * specified keyring wasn't a keyring.
302 * In the case of a successful return, the possession attribute from
303 * @keyring_ref is propagated to the returned key reference.
305 key_ref_t keyring_search_aux(key_ref_t keyring_ref,
306 const struct cred *cred,
307 struct key_type *type,
308 const void *description,
309 key_match_func_t match,
313 struct keyring_list *keylist;
315 } stack[KEYRING_SEARCH_MAX_DEPTH];
317 struct keyring_list *keylist;
319 unsigned long possessed, kflags;
320 struct key *keyring, *key;
325 keyring = key_ref_to_ptr(keyring_ref);
326 possessed = is_key_possessed(keyring_ref);
329 /* top keyring must have search permission to begin the search */
330 err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
332 key_ref = ERR_PTR(err);
336 key_ref = ERR_PTR(-ENOTDIR);
337 if (keyring->type != &key_type_keyring)
342 now = current_kernel_time();
346 /* firstly we should check to see if this top-level keyring is what we
348 key_ref = ERR_PTR(-EAGAIN);
349 kflags = keyring->flags;
350 if (keyring->type == type && match(keyring, description)) {
355 /* check it isn't negative and hasn't expired or been
357 if (kflags & (1 << KEY_FLAG_REVOKED))
359 if (key->expiry && now.tv_sec >= key->expiry)
361 key_ref = ERR_PTR(key->type_data.reject_error);
362 if (kflags & (1 << KEY_FLAG_NEGATIVE))
367 /* otherwise, the top keyring must not be revoked, expired, or
368 * negatively instantiated if we are to search it */
369 key_ref = ERR_PTR(-EAGAIN);
370 if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) ||
371 (keyring->expiry && now.tv_sec >= keyring->expiry))
374 /* start processing a new keyring */
376 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
377 goto not_this_keyring;
379 keylist = rcu_dereference(keyring->payload.subscriptions);
381 goto not_this_keyring;
383 /* iterate through the keys in this keyring first */
384 for (kix = 0; kix < keylist->nkeys; kix++) {
385 key = keylist->keys[kix];
388 /* ignore keys not of this type */
389 if (key->type != type)
392 /* skip revoked keys and expired keys */
393 if (!no_state_check) {
394 if (kflags & (1 << KEY_FLAG_REVOKED))
397 if (key->expiry && now.tv_sec >= key->expiry)
401 /* keys that don't match */
402 if (!match(key, description))
405 /* key must have search permissions */
406 if (key_task_permission(make_key_ref(key, possessed),
407 cred, KEY_SEARCH) < 0)
413 /* we set a different error code if we pass a negative key */
414 if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
415 err = key->type_data.reject_error;
422 /* search through the keyrings nested in this one */
425 for (; kix < keylist->nkeys; kix++) {
426 key = keylist->keys[kix];
427 if (key->type != &key_type_keyring)
430 /* recursively search nested keyrings
431 * - only search keyrings for which we have search permission
433 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
436 if (key_task_permission(make_key_ref(key, possessed),
437 cred, KEY_SEARCH) < 0)
440 /* stack the current position */
441 stack[sp].keylist = keylist;
445 /* begin again with the new keyring */
450 /* the keyring we're looking at was disqualified or didn't contain a
454 /* resume the processing of a keyring higher up in the tree */
456 keylist = stack[sp].keylist;
457 kix = stack[sp].kix + 1;
461 key_ref = ERR_PTR(err);
464 /* we found a viable match */
466 atomic_inc(&key->usage);
468 key_ref = make_key_ref(key, possessed);
476 * keyring_search - Search the supplied keyring tree for a matching key
477 * @keyring: The root of the keyring tree to be searched.
478 * @type: The type of keyring we want to find.
479 * @description: The name of the keyring we want to find.
481 * As keyring_search_aux() above, but using the current task's credentials and
482 * type's default matching function.
484 key_ref_t keyring_search(key_ref_t keyring,
485 struct key_type *type,
486 const char *description)
489 return ERR_PTR(-ENOKEY);
491 return keyring_search_aux(keyring, current->cred,
492 type, description, type->match, false);
494 EXPORT_SYMBOL(keyring_search);
497 * Search the given keyring only (no recursion).
499 * The caller must guarantee that the keyring is a keyring and that the
500 * permission is granted to search the keyring as no check is made here.
502 * RCU is used to make it unnecessary to lock the keyring key list here.
504 * Returns a pointer to the found key with usage count incremented if
505 * successful and returns -ENOKEY if not found. Revoked keys and keys not
506 * providing the requested permission are skipped over.
508 * If successful, the possession indicator is propagated from the keyring ref
509 * to the returned key reference.
511 key_ref_t __keyring_search_one(key_ref_t keyring_ref,
512 const struct key_type *ktype,
513 const char *description,
516 struct keyring_list *klist;
517 unsigned long possessed;
518 struct key *keyring, *key;
521 keyring = key_ref_to_ptr(keyring_ref);
522 possessed = is_key_possessed(keyring_ref);
526 klist = rcu_dereference(keyring->payload.subscriptions);
528 for (loop = 0; loop < klist->nkeys; loop++) {
529 key = klist->keys[loop];
531 if (key->type == ktype &&
532 (!key->type->match ||
533 key->type->match(key, description)) &&
534 key_permission(make_key_ref(key, possessed),
536 !test_bit(KEY_FLAG_REVOKED, &key->flags)
543 return ERR_PTR(-ENOKEY);
546 atomic_inc(&key->usage);
548 return make_key_ref(key, possessed);
552 * Find a keyring with the specified name.
554 * All named keyrings in the current user namespace are searched, provided they
555 * grant Search permission directly to the caller (unless this check is
556 * skipped). Keyrings whose usage points have reached zero or who have been
557 * revoked are skipped.
559 * Returns a pointer to the keyring with the keyring's refcount having being
560 * incremented on success. -ENOKEY is returned if a key could not be found.
562 struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
568 return ERR_PTR(-EINVAL);
570 bucket = keyring_hash(name);
572 read_lock(&keyring_name_lock);
574 if (keyring_name_hash[bucket].next) {
575 /* search this hash bucket for a keyring with a matching name
576 * that's readable and that hasn't been revoked */
577 list_for_each_entry(keyring,
578 &keyring_name_hash[bucket],
581 if (keyring->user->user_ns != current_user_ns())
584 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
587 if (strcmp(keyring->description, name) != 0)
590 if (!skip_perm_check &&
591 key_permission(make_key_ref(keyring, 0),
595 /* we've got a match but we might end up racing with
596 * key_cleanup() if the keyring is currently 'dead'
597 * (ie. it has a zero usage count) */
598 if (!atomic_inc_not_zero(&keyring->usage))
604 keyring = ERR_PTR(-ENOKEY);
606 read_unlock(&keyring_name_lock);
611 * See if a cycle will will be created by inserting acyclic tree B in acyclic
612 * tree A at the topmost level (ie: as a direct child of A).
614 * Since we are adding B to A at the top level, checking for cycles should just
615 * be a matter of seeing if node A is somewhere in tree B.
617 static int keyring_detect_cycle(struct key *A, struct key *B)
620 struct keyring_list *keylist;
622 } stack[KEYRING_SEARCH_MAX_DEPTH];
624 struct keyring_list *keylist;
625 struct key *subtree, *key;
637 /* start processing a new keyring */
639 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
640 goto not_this_keyring;
642 keylist = rcu_dereference(subtree->payload.subscriptions);
644 goto not_this_keyring;
648 /* iterate through the remaining keys in this keyring */
649 for (; kix < keylist->nkeys; kix++) {
650 key = keylist->keys[kix];
655 /* recursively check nested keyrings */
656 if (key->type == &key_type_keyring) {
657 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
660 /* stack the current position */
661 stack[sp].keylist = keylist;
665 /* begin again with the new keyring */
671 /* the keyring we're looking at was disqualified or didn't contain a
675 /* resume the checking of a keyring higher up in the tree */
677 keylist = stack[sp].keylist;
678 kix = stack[sp].kix + 1;
682 ret = 0; /* no cycles detected */
698 * Dispose of a keyring list after the RCU grace period, freeing the unlinked
701 static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
703 struct keyring_list *klist =
704 container_of(rcu, struct keyring_list, rcu);
706 if (klist->delkey != USHRT_MAX)
707 key_put(klist->keys[klist->delkey]);
712 * Preallocate memory so that a key can be linked into to a keyring.
714 int __key_link_begin(struct key *keyring, const struct key_type *type,
715 const char *description, unsigned long *_prealloc)
716 __acquires(&keyring->sem)
718 struct keyring_list *klist, *nklist;
719 unsigned long prealloc;
724 kenter("%d,%s,%s,", key_serial(keyring), type->name, description);
726 if (keyring->type != &key_type_keyring)
729 down_write(&keyring->sem);
732 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
735 /* serialise link/link calls to prevent parallel calls causing a cycle
736 * when linking two keyring in opposite orders */
737 if (type == &key_type_keyring)
738 down_write(&keyring_serialise_link_sem);
740 klist = rcu_dereference_locked_keyring(keyring);
742 /* see if there's a matching key we can displace */
743 if (klist && klist->nkeys > 0) {
744 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
745 if (klist->keys[loop]->type == type &&
746 strcmp(klist->keys[loop]->description,
749 /* found a match - we'll replace this one with
751 size = sizeof(struct key *) * klist->maxkeys;
752 size += sizeof(*klist);
753 BUG_ON(size > PAGE_SIZE);
756 nklist = kmemdup(klist, size, GFP_KERNEL);
760 /* note replacement slot */
761 klist->delkey = nklist->delkey = loop;
762 prealloc = (unsigned long)nklist;
768 /* check that we aren't going to overrun the user's quota */
769 ret = key_payload_reserve(keyring,
770 keyring->datalen + KEYQUOTA_LINK_BYTES);
774 if (klist && klist->nkeys < klist->maxkeys) {
775 /* there's sufficient slack space to append directly */
777 prealloc = KEY_LINK_FIXQUOTA;
779 /* grow the key list */
782 max += klist->maxkeys;
785 if (max > USHRT_MAX - 1)
787 size = sizeof(*klist) + sizeof(struct key *) * max;
788 if (size > PAGE_SIZE)
792 nklist = kmalloc(size, GFP_KERNEL);
796 nklist->maxkeys = max;
798 memcpy(nklist->keys, klist->keys,
799 sizeof(struct key *) * klist->nkeys);
800 nklist->delkey = klist->nkeys;
801 nklist->nkeys = klist->nkeys + 1;
802 klist->delkey = USHRT_MAX;
808 /* add the key into the new space */
809 nklist->keys[nklist->delkey] = NULL;
812 prealloc = (unsigned long)nklist | KEY_LINK_FIXQUOTA;
814 *_prealloc = prealloc;
819 /* undo the quota changes */
820 key_payload_reserve(keyring,
821 keyring->datalen - KEYQUOTA_LINK_BYTES);
823 if (type == &key_type_keyring)
824 up_write(&keyring_serialise_link_sem);
826 up_write(&keyring->sem);
827 kleave(" = %d", ret);
832 * Check already instantiated keys aren't going to be a problem.
834 * The caller must have called __key_link_begin(). Don't need to call this for
835 * keys that were created since __key_link_begin() was called.
837 int __key_link_check_live_key(struct key *keyring, struct key *key)
839 if (key->type == &key_type_keyring)
840 /* check that we aren't going to create a cycle by linking one
841 * keyring to another */
842 return keyring_detect_cycle(keyring, key);
847 * Link a key into to a keyring.
849 * Must be called with __key_link_begin() having being called. Discards any
850 * already extant link to matching key if there is one, so that each keyring
851 * holds at most one link to any given key of a particular type+description
854 void __key_link(struct key *keyring, struct key *key,
855 unsigned long *_prealloc)
857 struct keyring_list *klist, *nklist;
859 nklist = (struct keyring_list *)(*_prealloc & ~KEY_LINK_FIXQUOTA);
862 kenter("%d,%d,%p", keyring->serial, key->serial, nklist);
864 klist = rcu_dereference_protected(keyring->payload.subscriptions,
865 rwsem_is_locked(&keyring->sem));
867 atomic_inc(&key->usage);
869 /* there's a matching key we can displace or an empty slot in a newly
870 * allocated list we can fill */
872 kdebug("replace %hu/%hu/%hu",
873 nklist->delkey, nklist->nkeys, nklist->maxkeys);
875 nklist->keys[nklist->delkey] = key;
877 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
879 /* dispose of the old keyring list and, if there was one, the
882 kdebug("dispose %hu/%hu/%hu",
883 klist->delkey, klist->nkeys, klist->maxkeys);
884 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
887 /* there's sufficient slack space to append directly */
888 klist->keys[klist->nkeys] = key;
895 * Finish linking a key into to a keyring.
897 * Must be called with __key_link_begin() having being called.
899 void __key_link_end(struct key *keyring, struct key_type *type,
900 unsigned long prealloc)
901 __releases(&keyring->sem)
903 BUG_ON(type == NULL);
904 BUG_ON(type->name == NULL);
905 kenter("%d,%s,%lx", keyring->serial, type->name, prealloc);
907 if (type == &key_type_keyring)
908 up_write(&keyring_serialise_link_sem);
911 if (prealloc & KEY_LINK_FIXQUOTA)
912 key_payload_reserve(keyring,
914 KEYQUOTA_LINK_BYTES);
915 kfree((struct keyring_list *)(prealloc & ~KEY_LINK_FIXQUOTA));
917 up_write(&keyring->sem);
921 * key_link - Link a key to a keyring
922 * @keyring: The keyring to make the link in.
923 * @key: The key to link to.
925 * Make a link in a keyring to a key, such that the keyring holds a reference
926 * on that key and the key can potentially be found by searching that keyring.
928 * This function will write-lock the keyring's semaphore and will consume some
929 * of the user's key data quota to hold the link.
931 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring,
932 * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is
933 * full, -EDQUOT if there is insufficient key data quota remaining to add
934 * another link or -ENOMEM if there's insufficient memory.
936 * It is assumed that the caller has checked that it is permitted for a link to
937 * be made (the keyring should have Write permission and the key Link
940 int key_link(struct key *keyring, struct key *key)
942 unsigned long prealloc;
948 ret = __key_link_begin(keyring, key->type, key->description, &prealloc);
950 ret = __key_link_check_live_key(keyring, key);
952 __key_link(keyring, key, &prealloc);
953 __key_link_end(keyring, key->type, prealloc);
958 EXPORT_SYMBOL(key_link);
961 * key_unlink - Unlink the first link to a key from a keyring.
962 * @keyring: The keyring to remove the link from.
963 * @key: The key the link is to.
965 * Remove a link from a keyring to a key.
967 * This function will write-lock the keyring's semaphore.
969 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if
970 * the key isn't linked to by the keyring or -ENOMEM if there's insufficient
973 * It is assumed that the caller has checked that it is permitted for a link to
974 * be removed (the keyring should have Write permission; no permissions are
975 * required on the key).
977 int key_unlink(struct key *keyring, struct key *key)
979 struct keyring_list *klist, *nklist;
986 if (keyring->type != &key_type_keyring)
989 down_write(&keyring->sem);
991 klist = rcu_dereference_locked_keyring(keyring);
993 /* search the keyring for the key */
994 for (loop = 0; loop < klist->nkeys; loop++)
995 if (klist->keys[loop] == key)
999 up_write(&keyring->sem);
1004 /* we need to copy the key list for RCU purposes */
1005 nklist = kmalloc(sizeof(*klist) +
1006 sizeof(struct key *) * klist->maxkeys,
1010 nklist->maxkeys = klist->maxkeys;
1011 nklist->nkeys = klist->nkeys - 1;
1014 memcpy(&nklist->keys[0],
1016 loop * sizeof(struct key *));
1018 if (loop < nklist->nkeys)
1019 memcpy(&nklist->keys[loop],
1020 &klist->keys[loop + 1],
1021 (nklist->nkeys - loop) * sizeof(struct key *));
1023 /* adjust the user's quota */
1024 key_payload_reserve(keyring,
1025 keyring->datalen - KEYQUOTA_LINK_BYTES);
1027 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
1029 up_write(&keyring->sem);
1031 /* schedule for later cleanup */
1032 klist->delkey = loop;
1033 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
1041 up_write(&keyring->sem);
1044 EXPORT_SYMBOL(key_unlink);
1047 * Dispose of a keyring list after the RCU grace period, releasing the keys it
1050 static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
1052 struct keyring_list *klist;
1055 klist = container_of(rcu, struct keyring_list, rcu);
1057 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1058 key_put(klist->keys[loop]);
1064 * keyring_clear - Clear a keyring
1065 * @keyring: The keyring to clear.
1067 * Clear the contents of the specified keyring.
1069 * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.
1071 int keyring_clear(struct key *keyring)
1073 struct keyring_list *klist;
1077 if (keyring->type == &key_type_keyring) {
1078 /* detach the pointer block with the locks held */
1079 down_write(&keyring->sem);
1081 klist = rcu_dereference_locked_keyring(keyring);
1083 /* adjust the quota */
1084 key_payload_reserve(keyring,
1085 sizeof(struct keyring_list));
1087 rcu_assign_pointer(keyring->payload.subscriptions,
1091 up_write(&keyring->sem);
1093 /* free the keys after the locks have been dropped */
1095 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1102 EXPORT_SYMBOL(keyring_clear);
1105 * Dispose of the links from a revoked keyring.
1107 * This is called with the key sem write-locked.
1109 static void keyring_revoke(struct key *keyring)
1111 struct keyring_list *klist;
1113 klist = rcu_dereference_locked_keyring(keyring);
1115 /* adjust the quota */
1116 key_payload_reserve(keyring, 0);
1119 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1120 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1125 * Determine whether a key is dead.
1127 static bool key_is_dead(struct key *key, time_t limit)
1129 return test_bit(KEY_FLAG_DEAD, &key->flags) ||
1130 (key->expiry > 0 && key->expiry <= limit);
1134 * Collect garbage from the contents of a keyring, replacing the old list with
1135 * a new one with the pointers all shuffled down.
1137 * Dead keys are classed as oned that are flagged as being dead or are revoked,
1138 * expired or negative keys that were revoked or expired before the specified
1141 void keyring_gc(struct key *keyring, time_t limit)
1143 struct keyring_list *klist, *new;
1145 int loop, keep, max;
1147 kenter("{%x,%s}", key_serial(keyring), keyring->description);
1149 down_write(&keyring->sem);
1151 klist = rcu_dereference_locked_keyring(keyring);
1155 /* work out how many subscriptions we're keeping */
1157 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1158 if (!key_is_dead(klist->keys[loop], limit))
1161 if (keep == klist->nkeys)
1164 /* allocate a new keyring payload */
1165 max = roundup(keep, 4);
1166 new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *),
1174 /* install the live keys
1175 * - must take care as expired keys may be updated back to life
1178 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
1179 key = klist->keys[loop];
1180 if (!key_is_dead(key, limit)) {
1183 new->keys[keep++] = key_get(key);
1188 /* adjust the quota */
1189 key_payload_reserve(keyring,
1190 sizeof(struct keyring_list) +
1191 KEYQUOTA_LINK_BYTES * keep);
1194 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1197 rcu_assign_pointer(keyring->payload.subscriptions, new);
1200 up_write(&keyring->sem);
1202 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1208 keyring_clear_rcu_disposal(&new->rcu);
1209 up_write(&keyring->sem);
1210 kleave(" [discard]");
1214 up_write(&keyring->sem);
1215 kleave(" [no dead]");
1219 up_write(&keyring->sem);
1220 kleave(" [no_klist]");
1224 up_write(&keyring->sem);
git.openpandora.org / pandora-kernel.git / blob